File: android-cloexec-pipe.rst

package info (click to toggle)
llvm-toolchain-11 1%3A11.0.1-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 995,808 kB
  • sloc: cpp: 4,767,656; ansic: 760,916; asm: 477,436; python: 170,940; objc: 69,804; lisp: 29,914; sh: 23,855; f90: 18,173; pascal: 7,551; perl: 7,471; ml: 5,603; awk: 3,489; makefile: 2,573; xml: 915; cs: 573; fortran: 503; javascript: 452
file content (21 lines) | stat: -rw-r--r-- 566 bytes parent folder | download | duplicates (33) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
 
.. title:: clang-tidy - android-cloexec-pipe

android-cloexec-pipe
====================

This check detects usage of ``pipe()``. Using ``pipe()`` is not recommended, ``pipe2()`` is the
suggested replacement. The check also adds the O_CLOEXEC flag that marks the file descriptor to
be closed in child processes. Without this flag a sensitive file descriptor can be leaked to a
child process, potentially into a lower-privileged SELinux domain.

Examples:

.. code-block:: c++

  pipe(pipefd);

Suggested replacement:

.. code-block:: c++

  pipe2(pipefd, O_CLOEXEC);